
Thursday September 10, 2026 8:00am - Friday September 11, 2026 5:00pm CDT
Limited Capacity seats available
Updated for 2026, our immersive 2-day Defending Enterprises training is the natural counterpart to our popular Hacking Enterprises course.


Not only have several existing topics had major tweaks, the training also includes an entirely new section on Entra ID and Azure cloud-based attacks!


You’ll play a SOC analyst in our Microsoft Sentinel cloud-based lab and try to rapidly locate IOAs and IOCs from a live enterprise breach executed by the trainers in real time.
Whether you’re new to Kusto Query Language (KQL) or a seasoned pro, there’s plenty for you in the 2 days! Yes, we’re using Microsoft Sentinel, but the underlying threat detection theory, logic and threat hunting approach are transferable to your own environments, whatever your preferred platform.


We look at the top 10+ methods we use in offensive engagements and show how these can be caught, along with numerous other examples and methods that go above and beyond these common TTPs!


This training goes beyond threat hunting as we peek into the world of detection engineering and the processes involved in converting logic into alerts!
With 14 hands-on exercises, many of which also feature extra time and bonus content, you’ll gain real-world experience in the following areas:


* Introduction to Kusto Query Language (KQL)
* Reviewing popular phishing attacks and living off the land techniques
* Locating C2 traffic and beaconing activity
* Detecting persistence activities
* Digging into credential exploitation (Kerberoasting, Pass-the-Hash, Pass-the-Ticket, DCSync)
* Reviewing Active Directory Certificate Services (AD CS) attacks
* Identifying lateral movement (WinRM, SMB)
* Cloud Attacks (Entra ID Enumeration, Azure IMDS, Authentication Tokens, Conditional Access, App Registrations)
* + much more!


We know 2 days isn't a lot of time, so you'll also get 14 days of FREE lab time after class and Discord access for support.

Prerequisites: Detection methods will be taught during training; however, an understanding of KQL concepts would be beneficial, and previous SOC and/or pentesting experience is advantageous but not required.
Trainers

Jeroen "Jay" Hoof

Instructor, SANS
Jeroen Hoof is a SANS Certified Instructor Candidate for SEC504: Hacker Tools, Techniques, and Incident Handling and a Security Operations Specialist at Davinsi Labs, where he specializes in intrusion analysis, SOC operations and detection engineering. With a career spanning law enforcement investigations, SOC operations, and cyber breach response, Jeroen brings a practitioner’s perspective...

Owen Shearing

Director, In.security
Owen (@rebootuser) is a co-founder of In.security, a specialist cyber security consultancy offering technical and training services based in the UK. He has a strong background in networking and IT infrastructure, with well over two decades of experience in technical security roles...
Microsoft Technology Center (Aon Center)
